  1. #1
    denbagoos

    Help with Mikrotik settings

    Asking for help from the experts....
    Straight to it, here are the topology and hardware I use


     

                                        Hotspot
                             192.168.3.0/24|
                                           |
                                192.168.3.1|192.168.1.1    192.168.1.0/24
    Modem (Mode Bridge)------------------RB750------------------LAN
                                           |192.168.4.1
                                           |
                                192.168.4.2|
                                    External Proxy


     

    • AP UBNT M2-HP v.5.52
    • Mikrotik RB750
    • Repeater TP-Link TL-WA5110 (universal repeater mode)
    • Proxy spec: AMD LE-1250, RAM 2gb, HD 250



    [SPOILER=Mikrotik config (copy-pasted from here and there)]
     

    /ip firewall layer7-protocol
    add name="YOUTUBE DOWNLOAD" regexp="http/(0\\.9|1\\.0|1\\.1)[\\x09-\\x0d ][1-5\
    ][0-9][0-9][\\x09-\\x0d -~]*(content-type: video)"
    add name=EXE regexp="\\.(exe)"
    add name=RAR regexp="\\.(rar)"
    add name=ZIP regexp="\\.(zip)"
    add name=7z regexp="\\.(7z)"
    add name=WMV regexp="\\.(wmv)"
    add name=MPG regexp="\\.(mpg)"
    add name=MPEG regexp="\\.(mpeg)"
    add name=AVI regexp="\\.(avi)"
    add name=FLV regexp="\\.(flv)"
    add name=WAV regexp="\\.(wav)"
    add name=MP3 regexp="\\.(mp3)"
    add name=MP4 regexp="\\.(mp4)"
    add name=ISO regexp="\\.(iso)"
    add name=3GP regexp="\\.(3gp)"
    add name=MOV regexp="\\.(mov)"
    add name=MKV regexp="\\.(mkv)"
    add name="YOUTUBE STREAMING" regexp=youtube
    add name=PORN regexp=porn
    add name=TUBE regexp=tube
    add name=VIDEO regexp=video
    add name=MOVIE regexp=movie


     

    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="2.GAME DOWN" parent=global-out priority=2
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=2M name="3.GAME UPLOAD" parent=Speedy priority=2
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=800k name="5.ALL HTTP DOWN" parent=global-out priority=2
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=500k name="4.LIMIT EXTENTION" parent="5.ALL HTTP DOWN" \
    priority=5
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=YOUTUBE parent="4.LIMIT EXTENTION" priority=5
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PORN parent="4.LIMIT EXTENTION" priority=5
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=80M name="1.PROXY HIT-Hotspot" packet-mark=proxy-pac parent=\
    Hotspot priority=2 queue="PROXY DOWN"
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=80M name="1.PROXY HIT-LAN" packet-mark=proxy-pac parent=LAN \
    priority=2 queue="PROXY DOWN"
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=153600 name="4.BROWSING UPLOAD" packet-mark=drain-hpu parent=\
    proxy priority=4 queue=UP
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8k \
    max-limit=30k name=6.PING1 packet-mark=drain-ip parent=global-out \
    priority=1 queue=PING
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8k \
    max-limit=30k name=7.PING2-Hotspot packet-mark=drain-ip parent=Hotspot \
    priority=1 queue=PING
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8k \
    max-limit=30k name=7.PING2-LAN packet-mark=drain-ip parent=LAN priority=1 \
    queue=PING
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8k \
    max-limit=30k name=8.DNS1 packet-mark=drain-dp parent=global-out \
    priority=1 queue=PING
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8k \
    max-limit=30k name=9.DNS2 packet-mark=drain-dp parent=Speedy priority=1 \
    queue=PING
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
    max-limit=1M name="1.GAME ONLINE DOWN" packet-mark=drain-gopd parent=\
    "2.GAME DOWN" priority=2 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name="2.GAME FACEBOOK DOWN" packet-mark=drain-gfpd parent=\
    "2.GAME DOWN" priority=3 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k \
    max-limit=1M name="1.GAME ONLINE UPLOAD" packet-mark=drain-gopu parent=\
    "3.GAME UPLOAD" priority=2 queue=UP
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=256k name="2.GAME FACEBOOK UPLOAD" packet-mark=drain-gfpu \
    parent="3.GAME UPLOAD" priority=3 queue=UP
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=800k name="1.BROWSING DOWN" packet-mark=drain-hpd parent=\
    "5.ALL HTTP DOWN" priority=3 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="YOUTUBE STREAMING" packet-mark="YOUTUBE STREAMING" \
    parent=YOUTUBE priority=5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MKV packet-mark=MKV parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MP3 packet-mark=MP3 parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MP4 packet-mark=MP4 parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ZIP packet-mark=ZIP parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=EXE packet-mark=EXE parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=ISO packet-mark=ISO parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=AVI packet-mark=AVI parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MOV packet-mark=MOV parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MPEG packet-mark=MPEG parent="4.LIMIT EXTENTION" \
    priority=5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=MPG packet-mark=MPG parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=RAR packet-mark=RAR parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=WAV packet-mark=WAV parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=WMV packet-mark=WMV parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=3GP packet-mark=3GP parent="4.LIMIT EXTENTION" priority=\
    5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=7z packet-mark=7z parent="4.LIMIT EXTENTION" priority=5 \
    queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="YOUTUBE DOWNLOAD" packet-mark="YOUTUBE DOWNLOAD" \
    parent=YOUTUBE priority=5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PORN1 packet-mark=PORN1 parent=PORN priority=5 queue=\
    DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PORN2 packet-mark=PORN2 parent=PORN priority=5 queue=\
    DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PORN3 packet-mark=PORN3 parent=PORN priority=5 queue=\
    DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name="MIVO TV" packet-mark="MIVO TV" parent=\
    "4.LIMIT EXTENTION" priority=5 queue=DOWN
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=0 name=PORN4 packet-mark=PORN4 parent=PORN priority=5 queue=\
    DOWN
    /routing bgp instance
    set default as=65530 client-to-client-reflection=yes disabled=no \
    ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
    no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0 routing-table=""


     

    /queue type
    set default kind=pfifo name=default pfifo-limit=50
    set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
    set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
    set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
    set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=\
    5
    add kind=pcq name=pcq-download pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
    add kind=pcq name=pcq-upload pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=2000
    add kind=pcq name=hotspot-dwon pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=256k pcq-src-address-mask=\
    32 pcq-src-address6-mask=64 pcq-total-limit=200
    add kind=pcq name=dinamis pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=64 pcq-total-limit=200
    add kind=pcq name=DOWN pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
    10s pcq-classifier=dst-address,dst-port pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=128 pcq-total-limit=2000
    add kind=pcq name=UP pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
    10s pcq-classifier=src-address,src-port pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=128 pcq-total-limit=2000
    add kind=pfifo name=PING pfifo-limit=64
    add kind=pcq name="PROXY DOWN" pcq-burst-rate=0 pcq-burst-threshold=0 \
    pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
    pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 \
    pcq-src-address6-mask=128 pcq-total-limit=2000
    set only-hardware-queue kind=none name=only-hardware-queue
    set multi-queue-ethernet-default kind=mq-pfifo mq-pfifo-limit=50 name=\
    multi-queue-ethernet-default
    set default-small kind=pfifo name=default-small pfifo-limit=10


     

    /ip firewall address-list
    add address=192.168.4.2 comment="SQUID PROXY EXTERNAL" disabled=no list=proxy
    add address=192.168.1.1-192.168.1.254 comment=OP disabled=no list=LAN
    add address=192.168.3.1-192.168.3.254 comment=OP disabled=no list=Hotspot


     

    /ip firewall filter
    add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
    add action=drop chain=forward connection-state=invalid disabled=no
    add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
    add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
    add action=jump chain=forward disabled=no jump-target=virus
    add action=drop chain=input connection-state=invalid disabled=no
    add action=accept chain=input disabled=no protocol=udp
    add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input disabled=no protocol=icmp
    add action=accept chain=input disabled=no dst-port=21 protocol=tcp
    add action=accept chain=input disabled=no dst-port=22 protocol=tcp
    add action=accept chain=input disabled=no dst-port=23 protocol=tcp
    add action=accept chain=input disabled=no dst-port=80 protocol=tcp
    add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
    add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
    add action=accept chain=input disabled=no dst-port=23 protocol=tcp
    add action=accept chain=input disabled=no dst-port=80 protocol=tcp
    add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
    add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s \
    chain=input disabled=no dst-port=1337 protocol=tcp
    add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m \
    chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
    protocol=tcp tcp-flags=syn,rst
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
    no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
    add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254


     

    /ip firewall mangle
    add action=mark-packet chain=postrouting comment="SQUID PROXY HIT" disabled=\
    no dscp=12 new-packet-mark=proxy-pac passthrough=no
    add action=mark-connection chain=prerouting comment=ICMP disabled=no \
    new-connection-mark=drain-ic passthrough=yes protocol=icmp
    add action=mark-packet chain=prerouting connection-mark=drain-ic disabled=no \
    new-packet-mark=drain-ip passthrough=yes
    add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
    drain-ip passthrough=yes
    add action=mark-connection chain=prerouting comment=DNS disabled=no dst-port=\
    53 new-connection-mark=drain-dc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port=53 \
    new-connection-mark=drain-dc passthrough=yes protocol=udp
    add action=mark-packet chain=prerouting connection-mark=drain-dc disabled=no \
    new-packet-mark=drain-dp passthrough=yes
    add action=change-dscp chain=prerouting disabled=no new-dscp=1 packet-mark=\
    drain-dp passthrough=yes
    add action=mark-connection chain=prerouting comment=HTTP disabled=no \
    dst-port=80 new-connection-mark=drain-hc passthrough=yes protocol=tcp
    add action=mark-packet chain=forward connection-mark=drain-hc disabled=no \
    dst-address=192.168.3.0/24 new-packet-mark=drain-hpd passthrough=no
    add action=mark-packet chain=forward connection-mark=drain- disabled=no \
    new-packet-mark=drain-hpu passthrough=no src-address=192.168.3.0/24
    add action=mark-connection chain=prerouting comment="GAME ONLINE" disabled=no \
    dst-port="1818,2001,3010,4300,5105,5121,5126,5171,5340-5352,6000-6001,6000\
    -6152,7777" new-connection-mark=drain-goc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port="7341-7350,74\
    51,8085,9600,9601-9602,9300,9400,9700,9376-9377,10001-10011,40000" \
    new-connection-mark=drain-goc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port="10009,13008,\
    16666,28012,11011-11041,10402,11031,12011,12110,13413,15000-15002,15001,15\
    002" new-connection-mark=drain-goc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port="16402-16502,\
    18901-18909,19000,19101,22100,27780,29000,29200,39100,39110,39220,39190,49\
    100" new-connection-mark=drain-goc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
    new-connection-mark=drain-goc passthrough=yes protocol=tcp
    add action=mark-connection chain=prerouting disabled=no dst-port="1293,1479,61\
    00-6152,7777-7977,9401,9600-9602,12020-12080,30000,40000-40010" \
    new-connection-mark=drain-goc passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting disabled=no dst-port=\
    42051-42052,11100-11125,11440-11460 new-connection-mark=drain-goc \
    passthrough=yes protocol=udp
    add action=mark-connection chain=prerouting disabled=no dst-port=14009-14010 \
    new-connection-mark=drain-goc passthrough=yes protocol=udp
    add action=mark-packet chain=forward connection-mark=drain-goc disabled=no \
    dst-address=192.168.3.0/24 new-packet-mark=drain-gopd passthrough=no
    add action=mark-packet chain=forward connection-mark=drain-goc disabled=no \
    new-packet-mark=drain-gopu passthrough=no src-address=192.168.3.0/24
    add action=mark-connection chain=prerouting comment="GAME FACEBOOK" disabled=\
    no dst-port=843,9339 new-connection-mark=drain-gfc passthrough=yes \
    protocol=tcp
    add action=mark-packet chain=forward connection-mark=drain-gfc disabled=no \
    dst-address=192.168.3.0/24 new-packet-mark=drain-gfpd passthrough=no
    add action=mark-packet chain=forward connection-mark=drain-gfc disabled=no \
    new-packet-mark=drain-gfpu passthrough=no src-address=192.168.3.0/24
    add action=mark-connection chain=prerouting comment="MIVO TV" disabled=no \
    dst-port=1935 new-connection-mark=drain-mtc passthrough=yes protocol=tcp
    add action=mark-packet chain=forward connection-mark=drain-mtc disabled=no \
    new-packet-mark="MIVO TV" passthrough=no
    add action=mark-packet chain=forward comment="LIMIT EXTENTION" disabled=no \
    layer7-protocol="YOUTUBE DOWNLOAD" new-packet-mark="YOUTUBE DOWNLOAD" \
    passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=\
    "YOUTUBE STREAMING" new-packet-mark="YOUTUBE STREAMING" passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=TUBE \
    new-packet-mark=PORN1 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=PORN \
    new-packet-mark=PORN2 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=VIDEO \
    new-packet-mark=PORN3 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MOVIE \
    new-packet-mark=PORN4 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MKV \
    new-packet-mark=MKV passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MP3 \
    new-packet-mark=MP3 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MP4 \
    new-packet-mark=MP4 passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=ZIP \
    new-packet-mark=ZIP passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=EXE \
    new-packet-mark=EXE passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=FLV \
    new-packet-mark=FLV passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=ISO \
    new-packet-mark=ISO passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MOV \
    new-packet-mark=MOV passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MPEG \
    new-packet-mark=MPEG passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=MPG \
    new-packet-mark=MPG passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=RAR \
    new-packet-mark=RAR passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=WAV \
    new-packet-mark=WAV passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=WMV \
    new-packet-mark=WMV passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=ISO \
    new-packet-mark=3GP passthrough=no
    add action=mark-packet chain=forward disabled=no layer7-protocol=7z \
    new-packet-mark=7z passthrough=no
    add action=mark-connection chain=forward comment=LAN-LOKAL disabled=no \
    new-connection-mark=lan-con passthrough=yes protocol=!icmp src-address=\
    192.168.1.0/24
    add action=mark-packet chain=forward connection-mark=lan-con disabled=no \
    new-packet-mark=lan-pac passthrough=yes
    add action=add-src-to-address-list address-list=warnet address-list-timeout=\
    1m chain=prerouting comment="User online list adding from LAN" disabled=\
    yes in-interface=LAN src-address=192.168.1.0/24 src-address-type=!local
    add action=mark-connection chain=forward comment="hotspot===========" \
    disabled=yes new-connection-mark=hot-con passthrough=yes src-address=\
    192.168.3.0/24


     

    /ip firewall nat
    add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
    add action=dst-nat chain=dstnat comment=Redirect_Proxy_LAN disabled=no \
    dst-port=80,8080,3128 in-interface=LAN protocol=tcp src-address=\
    !192.168.4.0/24 src-address-list=LAN to-addresses=192.168.4.2 to-ports=\
    3128
    add action=masquerade chain=srcnat comment=MASQUERADE-LAN disabled=no \
    out-interface=LAN
    add action=dst-nat chain=dstnat comment=Redirect_Proxy_Hotspot disabled=no \
    dst-port=80,8080,3128 in-interface=Hotspot protocol=tcp src-address=\
    !192.168.4.0/24 src-address-list=Hotspot to-addresses=192.168.4.2 \
    to-ports=3128
    add action=masquerade chain=srcnat comment=MASQUERADE-Hotspot disabled=no \
    out-interface=Hotspot


    Hotspot user management with Userman

    The problems I am facing:
    1. I cannot access the modem without first disabling the redirect to the proxy (the S****y connection at my place often has its SNR drop, so the modem has to be restarted before it is good again, so I have to check the modem frequently)
    2. I cannot access the repeater when no user is connected to that repeater (even though, when checked on the main AP, the repeater is in a connected state)
    3. Hotspot users are often suddenly disconnected all at once and cannot access the network/internet (even though LAN users are fine, and I have to restart the Mikrotik before they can connect again)
    4. Sometimes the connection to the proxy using putty is refused by squid (it takes 2-3 tries to get in, and sometimes I even have to restart the Mikrotik)


    I ask the masters for help: where does the problem lie, in the squid settings or in the Mikrotik, and what is the solution....
    Any input from the masters will mean a great deal for my survival T__T
    Last edited by spymedan; 19-02-2013 at 13:34. Reason: still not showing up
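
    An added example, not part of the original post and not MikroTik's own tooling: a short Python audit of the `/ip firewall filter` export posted above. It flags RouterOS management services accepted on the input chain with no source restriction, address lists that are populated but never used by a blocking rule, and whether the input chain has a catch-all drop. The function names and the sample subset of rules are constructed for this example.

```python
import re
import shlex

# Constructed sample: a subset of the "/ip firewall filter" export from the post.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid disabled=no
add action=accept chain=input disabled=no protocol=udp
add action=accept chain=input disabled=no dst-port=22 protocol=tcp
add action=accept chain=input disabled=no dst-port=23 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
    protocol=tcp tcp-flags=fin,syn
add action=accept chain=input comment="ANTI NETCUT" disabled=no dst-port=\
    0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
'''

# RouterOS default service ports (ftp, ssh, telnet, www, winbox).
MGMT_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 80: "www", 8291: "winbox"}
SCOPE_KEYS = ("src-address", "src-address-list", "in-interface")
NON_MATCHERS = {"action", "chain", "disabled", "comment"}
BLOCKING = ("drop", "reject", "tarpit")


def parse_export(text):
    """Return (section, params) for every 'add' line of a RouterOS export."""
    joined = re.sub(r"\\\n\s*", "", text)  # undo the export's line wrapping
    section, rules = None, []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]  # honours quoted values
            params = dict(t.split("=", 1) for t in tokens if "=" in t)
            rules.append((section, params))
    return rules


def port_in(spec, port):
    """True if port falls inside a dst-port spec such as '80,8080' or '0-65535'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def audit_input_chain(text):
    """Summarise exposure of the router itself (input chain) in a filter export."""
    rules = [p for s, p in parse_export(text)
             if s == "/ip firewall filter" and p.get("disabled", "no") == "no"]
    inp = [p for p in rules if p.get("chain") == "input"]

    open_mgmt = set()
    for p in inp:
        spec = p.get("dst-port")
        if p.get("action") != "accept" or p.get("protocol") != "tcp":
            continue
        if not spec or spec.startswith("!") or any(k in p for k in SCOPE_KEYS):
            continue  # negated ports and source-scoped rules are not flagged
        open_mgmt.update(s for port, s in MGMT_PORTS.items() if port_in(spec, port))

    populated = {p["address-list"] for p in rules
                 if p.get("action") == "add-src-to-address-list"}
    enforced = {p["src-address-list"] for p in rules
                if p.get("action") in BLOCKING and "src-address-list" in p}
    # A catch-all drop is an input-chain drop rule with no matchers at all.
    default_drop = any(p.get("action") == "drop" and not (set(p) - NON_MATCHERS)
                       for p in inp)
    return {
        "open_mgmt": sorted(open_mgmt),
        "unenforced_lists": sorted(populated - enforced),
        "input_default_drop": default_drop,
    }


if __name__ == "__main__":
    for key, value in audit_input_chain(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```
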

  2. #2
    denbagoos
    Here are the squid.conf settings
     

    # Proxy Server Version 2.7.Stable7
    #-----------------------------------#

    #---------------------------------------------------------------#
    # Port
    #---------------------------------------------------------------#

    http_port 3128 transparent

    #---------------------------------------------------------------#
    # for facebook
    #---------------------------------------------------------------#

    server_http11 on

    acl speedtest dstdomain .speedtest.cbn.net
    acl speedtest dstdomain .speedtest.net
    cache allow speedtest

    #icp_port 3130
    #prefer_direct off
    # additional
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    #---------------------------------------------------------------#
    # Cache & Object
    #---------------------------------------------------------------#

    cache_mem 8 MB
    cache_swap_low 98
    cache_swap_high 99
    max_filedesc 8192
    maximum_object_size 128 MB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 125 KB

    ipcache_size 4096
    ipcache_low 98
    ipcache_high 99
    fqdncache_size 4096
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF


    mime_table /usr/share/squid/mime.conf
    #----------------------------------------------------------------#
    # cache_dir
    #----------------------------------------------------------------#

    cache_dir aufs /cache 140000 16 256


    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    #cache_store_log none
    log_fqdn off
    pid_filename /var/run/squid.pid
    cache_swap_log /var/log/squid/swap.state
    dns_nameservers 192.168.4.1
    emulate_httpd_log off
    hosts_file /etc/hosts
    half_closed_clients off
    negative_ttl 1 minutes
    # new
    positive_dns_ttl 1 hours

    # FTP passive mode

    ftp_passive on
    ftp_sanitycheck on

    #---------------------------------------------------------------#
    # Rules: Safe Port
    #---------------------------------------------------------------#

    # additional
    quick_abort_min 0
    quick_abort_max 0
    quick_abort_pct 98
    shutdown_lifetime 10 seconds


    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563 873 # https snews rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 20 21 # ftp
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 631 # cups
    acl Safe_ports port 10000 # webmin
    acl Safe_ports port 901 # SWAT
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 110 # POP3
    acl Safe_ports port 25 # SMTP
    acl Safe_ports port 2095 2096 # webmail from cpanel
    acl Safe_ports port 2082 2083 # cpanel


    acl purge method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !Safe_ports !SSL_ports
    http_access deny CONNECT !SSL_ports !Safe_ports

    #---------------------------------------------------------------#
    # Refresh Pattern
    #---------------------------------------------------------------#

    # pictures & images
    refresh_pattern -i \.(gif|png|jpeg|jpg|bmp|tif|tiff|ico)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims

    #sound, video multimedia
    refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(xml|html|htm|js|txt|css|php)$ 10080 80% 43200 override-expire override-lastmod reload-into-ims

    #sound, video multimedia
    refresh_pattern -i \.(flv|x-flv|mov|avi|qt|mpg|mpeg|swf)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.(wav|mp3|mp4|au|mid)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-reload

    # files
    refresh_pattern -i \.(iso|deb|rpm|zip|tar|tgz|ram|rar|bin|ppt|doc)$ 21600 90% 43200 ignore-no-cache ignore-auth
    refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 21600 override-expire ignore-no-cache ignore-auth
    refresh_pattern -i \.(rar|tgz|tar|exe|bin|arj)$ 21600 100% 43200 override-expire ignore-no-cache ignore-auth
    refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth
    refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 100000 100% 99000000 override-expire ignore-no-cache ignore-auth


    refresh_pattern -i \.swf$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.3gp$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.rm$ 10080 90% 10080 override-expire override-lastmod reload-into-ims
    refresh_pattern -i \.wma$ 10080 90% 10080 override-expire override-lastmod reload-into-ims

    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    refresh_pattern ^ 720 100% 4320
    #refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    #refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    #refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    #refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    #refresh_pattern ^ 720 100% 4320 override-expire override-lastmod reload-into-ims
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    #refresh_pattern ^ 180 100% 4320
    #refresh_pattern ^ 180 100% 4320
    #refresh_pattern ^ 180 100% 4320
    #refresh_pattern ^ 180 100% 4320
    #refresh_pattern ^ 180 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320
    refresh_pattern ^ 720 100% 4320

    #default option
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

    #---------------------------------------------------------------#
    # SNMP
    #---------------------------------------------------------------#

    snmp_port 3401
    acl snmpsquid snmp_community public
    snmp_access allow snmpsquid localhost
    snmp_access deny all

    #---------------------------------------------------------------#
    # ALLOWED ACCESS
    #---------------------------------------------------------------#


    acl localnet src 192.168.1.0/24
    acl localnet src 192.168.2.0/24
    acl localnet src 192.168.3.0/24
    acl localnet src 192.168.4.0/24
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    icp_access allow localnet
    icp_access allow localhost
    icp_access allow all
    always_direct deny all

    #---------------------------------------------------------------#
    # Cache CGI & Administrative
    #---------------------------------------------------------------#

    cache_mgr drain-net
    visible_hostname drain
    cache_effective_user proxy
    cache_effective_group proxy

    logfile_rotate 7

    # additional settings
    memory_pools on # usually off
    icp_hit_stale on
    query_icmp on
    reload_into_ims on
    coredump_dir /var/spool/squid
    pipeline_prefetch on
    vary_ignore_expire on

    request_body_max_size 1048 KB



    #-----------------------------------------------------------------#
    #tcp_outgoing_tos 0x30 localnet
    #-----------------------------------------------------------------#

    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136


    If my first post doesn't show up, please view it using quote T_T... I've edited it many times and it still doesn't show up in my browser T__T
    Last edited by denbagoos; 19-02-2013 at 13:34.

  3. #3
    Anto.PJ
    ....
    cache_dir aufs /cache 140000 16 256 = << are you sure about this??

  4. #4
    denbagoos
    Originally Posted by Anto.PJ
    ....
    cache_dir aufs /cache 140000 16 256 = << are you sure about this??
    So how should it be, bro?
    I'm still learning. I gave the cache 140 GB but the RAM is only 2 GB; going by the squid calculator it indeed shouldn't be that much.

  5. #5
    Anto.PJ
    The RAM is enough, it's just that with a 140 GB HDD:

    140000 MB = 143360000 KB
    L2 = 256
    L1 = 143360000 / 13 / 256 / 256 x 2 = 336

    That's if you want all of it to be used..
    I see your conf doesn't set the average object size, so it defaults to 13 KB.
    With L1 = 16 your cache_dir can only hold 6.5 GB, or about 500,000 objects.
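
Added example, not part of the thread: the sizing rule from the post above applied to a squid.conf string, so the L1 value and the capacity figures can be reproduced for any `cache_dir` line. The function names and `SAMPLE_CONF` are constructed for illustration, and `store_avg_object_size` is assumed to be given in KB.

```python
import re

DEFAULT_AVG_OBJECT_KB = 13  # default named in the post when no average object size is set

# cache_dir <type> <path> <Mbytes> <L1> <L2>
CACHE_DIR_RE = re.compile(r"^\s*cache_dir\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)")
AVG_OBJ_RE = re.compile(r"^\s*store_avg_object_size\s+(\d+)", re.I)  # assumed KB


def recommended_l1(size_mb, l2, avg_kb=DEFAULT_AVG_OBJECT_KB):
    """Post's rule: L1 = size_in_KB / avg_object_KB / L2 / L2 x 2, rounded down."""
    return int(size_mb * 1024 / avg_kb / l2 / l2 * 2)


def covered_mb(l1, l2, avg_kb=DEFAULT_AVG_OBJECT_KB):
    """Same rule inverted: how many MB a given L1/L2 layout is sized for."""
    return l1 * l2 * l2 * avg_kb / 2 / 1024


def audit_cache_dirs(conf_text):
    """Return one finding per cache_dir line in a squid.conf string."""
    avg_kb, dirs = DEFAULT_AVG_OBJECT_KB, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        m = AVG_OBJ_RE.match(line)
        if m:
            avg_kb = int(m.group(1))         # may appear before or after cache_dir
        m = CACHE_DIR_RE.match(line)
        if m:
            dirs.append((m.group(2), int(m.group(3)), int(m.group(4)), int(m.group(5))))
    findings = []
    for path, size_mb, l1, l2 in dirs:
        want = recommended_l1(size_mb, l2, avg_kb)
        findings.append({
            "path": path, "size_mb": size_mb, "l1": l1, "recommended_l1": want,
            "covered_mb": covered_mb(l1, l2, avg_kb),
            "objects": l1 * l2 * l2 // 2,
            "undersized": l1 < want,
        })
    return findings


# Constructed sample: only the cache_dir line is taken from the thread.
SAMPLE_CONF = """
# no store_avg_object_size set
cache_dir aufs /cache 140000 16 256
"""

if __name__ == "__main__":
    for finding in audit_cache_dirs(SAMPLE_CONF):
        print(finding)
```

For the thread's line this reports a recommended L1 of 336, and 6656 MB (6.5 GB) or 524288 objects at L1 = 16, matching the figures in the post.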



  7. #6
    denbagoos
    Originally Posted by Anto.PJ
    The RAM is enough, it's just that with a 140 GB HDD:

    140000 MB = 143360000 KB
    L2 = 256
    L1 = 143360000 / 13 / 256 / 256 x 2 = 336

    That's if you want all of it to be used..
    I see your conf doesn't set the average object size, so it defaults to 13 KB.
    With L1 = 16 your cache_dir can only hold 6.5 GB, or about 500,000 objects.
    OK, thanks bro. So what about the problem I mentioned, what's the solution? Also, say a user is already connected and I restart the MikroTik; once the MikroTik is back up, the users who were already connected end up not being queued and redirected to the proxy anymore. What is missing ....

    Thanks in advance....

 

 
